PYTHON-5862 - Remove usage of uv lock file #2902
Pull request overview
Removes repository and CI reliance on uv.lock and stabilizes dependency resolution by preventing uv from creating/reading lockfiles and by excluding packages released in the last 7 days (to reduce surprise breakages from brand-new upstream releases).
Changes:
- Disable uv lockfile usage via `UV_NO_LOCK` in local `just` workflows, GitHub Actions, and Evergreen.
- Add `UV_EXCLUDE_NEWER` (set to “7 days ago” in UTC) for consistent CI/local resolution behavior.
- Remove the `uv lock` pre-commit hook and update contributor guidance; ignore `uv.lock` in `.gitignore`.
Reviewed changes
Copilot reviewed 7 out of 9 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| `justfile` | Exports UV_NO_LOCK and computes UV_EXCLUDE_NEWER to match CI dependency resolution locally. |
| `CONTRIBUTING.md` | Removes uv.lock update instructions; keeps guidance focused on running typing checks when deps change. |
| `.pre-commit-config.yaml` | Removes the uv-lock pre-commit hook that ran uv lock. |
| `.gitignore` | Ignores uv.lock to prevent accidental commits. |
| `.github/workflows/test-python.yml` | Sets UV_NO_LOCK and adds a composite step to set UV_EXCLUDE_NEWER across jobs. |
| `.github/actions/set-uv-exclude-newer/action.yml` | New composite action to compute/export UV_EXCLUDE_NEWER in GitHub Actions. |
| `.evergreen/scripts/configure-env.sh` | Exports UV_NO_LOCK and UV_EXCLUDE_NEWER for Evergreen runs. |
| `.evergreen/run-tests.sh` | Removes lockfile-specific cleanup/trap now that uv.lock is no longer used. |
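One way to compute the two settings listed in the overview above, as an added example that is not the PR's own code: a POSIX shell helper that derives the 7-day cutoff in UTC with either GNU or BSD `date` and fails closed if neither works. The function names, the value `1` for `UV_NO_LOCK`, and the sample timestamps in the comments are assumptions; `is_excluded_by_cutoff` only illustrates the comparison and is not uv's implementation.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not taken from the PR.

# Print an RFC 3339 UTC timestamp N days before now (default 7).
# GNU date (typical Linux CI images) takes -d; BSD date (macOS) takes -v.
cutoff_days_ago() {
    days="${1:-7}"
    case "$days" in
        ''|*[!0-9]*) echo "days must be a non-negative integer" >&2; return 2 ;;
    esac
    if date -u -d "${days} days ago" '+%Y-%m-%dT%H:%M:%SZ' 2>/dev/null; then
        return 0
    fi
    date -u -v "-${days}d" '+%Y-%m-%dT%H:%M:%SZ' 2>/dev/null
}

# Export the two variables named in the PR for the current shell.
export_uv_resolution_env() {
    cutoff="$(cutoff_days_ago "${1:-7}")" || return 1
    # Fail closed: an empty value would silently drop the cool-down window.
    [ -n "$cutoff" ] || return 1
    # Assumption: "1" as the enabling value; the page only names the variable.
    export UV_NO_LOCK=1
    export UV_EXCLUDE_NEWER="$cutoff"
}

# Return 0 when a release uploaded at $1 is newer than cutoff $2.
# Both arguments must use the fixed-width UTC format printed above, so
# byte-wise string order equals chronological order.
# Constructed sample: upload 2024-05-10T00:00:00Z, cutoff 2024-05-08T12:00:00Z.
is_excluded_by_cutoff() {
    LC_ALL=C expr "x$1" \> "x$2" >/dev/null
}

if export_uv_resolution_env 7; then
    printf 'UV_NO_LOCK=%s UV_EXCLUDE_NEWER=%s\n' "$UV_NO_LOCK" "$UV_EXCLUDE_NEWER"
else
    echo "could not compute cutoff; refusing to resolve without it" >&2
fi
```

Source this in the step that runs before any `uv` invocation so every job resolves against the same window.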
well LGTM assuming those failing tests are unrelated lol
Codecov Report
✅ All modified and coverable lines are covered by tests.
| ec, | ||
| ed448, | ||
| ed25519, | ||
| mldsa, |
wait sorry if this is a dumb question but why is this change needed in this PR?
Not a dumb question: removing the lockfile means we no longer pin a specific version of mypy cryptography in our lockfile. The more recent release than our old version required these type changes. Splitting them off into a separate PR might make more sense.
PYTHON-5862
Changes in this PR
Removes all uses of `uv.lock` and prevents local or CI usage of `uv` from creating new lockfiles. Excludes dependency releases made in the last 7 days to prevent accidental breaking changes from making it into CI.
Test Plan
N/A.
Checklist
Checklist for Author
- [ ] Did you update the changelog (if necessary)?
- [ ] Is there test coverage?
- [ ] Is any followup work tracked in a JIRA ticket? If so, add link(s).
Checklist for Reviewer